Wordle Helper Script

What? A small helper script written in Python to assist in solving the WORDLE of the day. Why? My colleague introduced me to the WORDLE game, which is very popular now. I found it very interesting and started solving them every day. Soon I found it harder to think of words. So I wrote this script to help me solve WORDLE every day. WORDLE Helper Script Script Demo Help Page: Use the suggest feature to get words with specified number of vowels....

March 18, 2022 · 2 min · Rizal

Shotter - Quickly screenshot list of URLs

What? Shotter - Quickly take screenshots of a list of URLs. Why? During an internal assessment, I wanted a tool to see what web applications are running in a range of IPs. Couldn’t get EyeWitness to work. How? Written in Python. Makes use of Selenium WebDriver to open websites and capture screenshots. To speed up the process of taking screenshots, the script makes use of multiprocessing - WHY?. Why Multiprocessing?...

March 16, 2022 · 2 min · Rizal

ICMP Reverse Command Shell

Introduction This post demonstrates a reverse shell over ICMP which will work on both Windows and Linux platforms. The idea is to create two different programs: a server program which will run on an attacker-controlled machine, and a client program which, when run on a victim's machine, will connect to the server program. Once connected, the client program will accept commands from the server and will reply with the command output. Both client and server will make use of ICMP Echo messages to communicate....

March 16, 2022 · 7 min · Rizal

Setting Up SRA Vectr For Purple Teaming

Purple Teams through VECTR™ generates success defense metrics and helps align Red and Blue Teams towards the same mission: protecting the organization by discovering and plugging detection gaps. https://sra.io/vectr/ Installing Vectr Note: This is only for Ubuntu - https://docs.vectr.io/Installation—Ubuntu/ Install pre-requisites if not already. curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add - sudo add-apt-repository \ "deb [arch=amd64] https://download.docker.com/linux/ubuntu \ $(lsb_release -cs) \ stable" sudo apt update sudo apt-get install docker-ce docker-ce-cli containerd....

March 3, 2022 · 3 min · Rizal

Wipro Holmes Orchestrator v20.4.1 CVEs

Introduction Recently, I had the opportunity to pentest the Wipro Holmes Orchestrator v20.4.1 application. During the assessment, I found a few interesting vulnerabilities which are covered in this post. CVE-2021-38146: Arbitrary File Download The Wipro Holmes Orchestrator provides an API endpoint to download various files, such as log files, through the application. This functionality is visible only to logged-in users. However, the API itself does not require any authentication to be called....

November 23, 2021 · 5 min · Rizal

Playsecure CTF 2021 - My Stats - RIZARU

Intro Challenges which I was able to solve in the Playsecure CTF and the scoring, rank etc. ...

March 29, 2021 · 1 min · Rizal

Playsecure CTF 2021 - Reverse Engineering - 0x03

Challenge Description Reverse engineer the attached file to get the flag. Difficulty: Medium Category: Reverse ...

March 29, 2021 · 3 min · Rizal

Playsecure CTF 2021 - Color Generator

Challenge Description Introducing Color Generator! Enter an expression that returns a number and get a color! This can’t be abused! …right? Flag is in /etc/flag.txt Connect to the challenge at exploitation.ps.ctf.ae:2020 ...

March 28, 2021 · 5 min · Rizal

Playsecure CTF 2021 - Point To The Stars

Challenge Description Can you point to the stars? Make the pointer point to the flag! Connect to the challenge at exploitation.ps.ctf.ae:5454 ...

March 28, 2021 · 2 min · Rizal

Playsecure CTF 2021 - Welcome Card

Challenge Description Just a welcome card generator website. Nothing vulnerable here! Some characters are filtered to prevent exploitation. Good luck! The flag is well…somewhere. Find it on the system! It’s still called flag.txt. Challenge: http://web.ps.ctf.ae:8882/ Difficulty: Medium Category: Web ...

March 28, 2021 · 5 min · Rizal